TL;DR: Banks are treating PKI as critical infrastructure because expired certificates, fragmented ownership, and manual renewals can halt payments and collaboration systems, according to Keyfactor. The real issue is that digital trust now depends on governed, visible, crypto-agile lifecycle controls rather than background certificate administration.
NHIMG editorial — based on content published by Keyfactor: Digital Trust at Scale: How the Biggest Banks Turn Trust into a Launchpad
By the numbers:
- Systems with least-privileged AI access had a 17% incident rate vs 76% for over-privileged systems.
- Only 13% of organisations feel extremely prepared for the reality of agentic AI despite the majority racing toward autonomous adoption.
Questions worth separating out
Q: How should security teams govern certificates in hybrid financial environments?
A: They should treat certificates as governed trust assets, not operational clutter.
Q: Why do expired certificates create such a large operational risk?
A: Because an expired certificate can instantly invalidate authentication or encryption between systems that otherwise remain healthy.
Q: What breaks when certificate ownership is split across many teams?
A: Visibility breaks first, then accountability, then renewal discipline.
Practitioner guidance
- Build a complete certificate inventory: Track every certificate, key, and trust anchor across cloud, on-premise, DevOps, and partner environments, and link each one to a business service and named owner.
- Automate renewal before expiry windows close: Replace manual renewals with monitored workflows that alert early, route ownership correctly, and force escalation when a certificate approaches expiration.
- Standardise lifecycle policy across all certificate authorities: Apply the same issuance, rotation, revocation, and decommissioning rules across public and private CAs so hybrid environments do not fragment control.
What's in the full article
Keyfactor's full blog covers the operational detail this post intentionally leaves for the source:
- How major banks operationalise certificate visibility across cloud, on-premise, and partner ecosystems
- What the article says about post-quantum readiness and hybrid classical plus PQC certificate planning
- How the cited bank examples handled lifecycle automation and trust governance during transformation
- Why interoperable PKI matters during M&A and platform transitions
PKI governance at scale: are bank trust controls keeping up?
Explore further
PKI governance is now a trust governance problem, not a narrow certificate operations problem. The article shows that banks cannot treat certificates as background infrastructure once outages, audits, and transaction reliability all depend on them. The governance failure is not just expiry, but the lack of provable ownership and lifecycle control across distributed environments. Practitioners should treat PKI as a governed identity layer with explicit accountability.
A few things that frame the scale:
- Only 13% of organisations feel extremely prepared for the reality of agentic AI despite the majority racing toward autonomous adoption, according to The 2026 Infrastructure Identity Survey.
- 69% of security leaders agree identity management must fundamentally shift to address agentic AI systems, according to The 2026 Infrastructure Identity Survey.
A question worth separating out:
Q: How do organisations prepare PKI for post-quantum change?
A: They need a crypto-agility plan built on inventory, ownership, and testable replacement paths. Organisations should identify where RSA and ECC are used, decide which systems can support hybrid certificates, and rehearse algorithm migration before the change is forced by regulation or market pressure. Preparation is a lifecycle problem, not just a cryptography decision.
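The inventory guidance above and this crypto-agility answer both come down to one governed dataset: every certificate tied to a service and owner, checked for expiry windows and for which key algorithm it carries. The following is an added example (not Keyfactor's or NHIMG's code) written in Go against the standard crypto/x509 package; the Entry and Finding schema, the 30-day alert and 7-day escalation windows, and the UNOWNED marker are assumptions made for the illustration.

```go
package main

import "crypto/x509"
import "time"

// Entry links one inventoried certificate to a business service and a named
// owner (hypothetical schema; the guidance names the fields, not a format).
type Entry struct {
	Service, Owner string
	Cert           *x509.Certificate
}

// Action is what the certificate's owner must do about it right now.
type Action string
const (
	OK, RenewSoon, Escalate, Expired Action = "ok", "renew-soon", "escalate", "expired"
)

// Classify maps remaining validity to an Action; the 30-day alert and 7-day
// escalation windows are assumed policy values, not figures from the article.
func Classify(c *x509.Certificate, now time.Time) Action {
	switch left := c.NotAfter.Sub(now); {
	case left <= 0:
		return Expired
	case left <= 7*24*time.Hour:
		return Escalate
	case left <= 30*24*time.Hour:
		return RenewSoon
	}
	return OK
}

// Finding is one report line: who owns what, the action due, and whether the
// key is classical (RSA/ECC) and therefore in scope for a PQC migration.
type Finding struct {
	Ref    string // "owner/service"; owner becomes UNOWNED when none is recorded
	Action Action
	PQRisk bool
}

// Report makes one pass over the inventory so expiry, ownership gaps and
// crypto-agility scope all come out of the same governed data.
func Report(inv []Entry, now time.Time) []Finding {
	out := make([]Finding, 0, len(inv))
	for _, e := range inv {
		owner := e.Owner
		if owner == "" {
			owner = "UNOWNED"
		}
		alg := e.Cert.PublicKeyAlgorithm // every algorithm Go parses today is classical
		pq := alg == x509.RSA || alg == x509.ECDSA || alg == x509.Ed25519
		out = append(out, Finding{owner + "/" + e.Service, Classify(e.Cert, now), pq})
	}
	return out
}
```

In practice the Cert field is populated by x509.ParseCertificate over whatever the discovery tooling collects; the report then feeds the renewal workflow, the ownership escalation, and the RSA/ECC migration backlog from a single source.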